I’m trying to understand the notary architecture located here https://docs.docker.com/notary/service_architecture/ but am having some trouble understanding what they mean by a few things, as the diagrams lack some details on what is what. It kind of assumes you know, looking at the pic, what an image is.
Anyway, I’m trying to understand the entire process and what is run where and where keys are generated and protected.
First off, I guess the icon on the left that looks like a desktop computer is, say, the client/end user of a container?
Then they try to authenticate to a notary server. What is this authentication server? Is this some LDAP, some container? Where does it run: on its own system/container or inside the notary container? I really could not tell, even looking at the directions to start up notary. It seems to be related somehow to implementing JWT or an implementation of JWT? Is this something you do yourself or part of the directions here that start this authentication server? https://docs.docker.com/notary/running_a_service/
I thought maybe something in Docker Registry 2 that followed might help, but that really did not either. https://github.com/docker/distribution/blob/master/docs/spec/auth/token.md